SECURING YOUR NETWORK

Hi again,  And welcome back we went through a lot from setting up a home network with cisco packet tracer which gave us a real life simulation of how packets move in transit to knowing how to test the security of all known wireless encryption (WEP/WPA/WPA2)  using various methods and tools on kali linux. Just as its interesting to know how to crack them it is also relevant to know how to protect or rather secure your network and it is relatively easy to secure our network against these attacks we carried out as we know all the weakness that can be used by hackers to crack these encryptions.

So for this post we will be looking at ways to secure our network and on each of these encryptions.

1.) WEP: WEP is an old encryption and it is weak, i didn't make a post exploiting its weakness because modern devices don't use that encryption anymore they remain a number of methods that can be used to crack this encryption regardless of the strength of the password and even if there is nobody connected to the network. These attacks are possible because of the way WEP works we discussed it briefly but i'm sure you remember me mentioning IV packets which remains the biggest weakness of WEP which allows you crack the key in few minutes.

2.) WPA/WPA2: WPA and WPA2 are very similar, the only difference between them is the algorithm used to encrypt the information but both encryptions work in the same way. WPA/WPA2 can be cracked in two ways which we tested in the pervious projects were we used tools like aircrack by doing a dictionary attack by capturing the handshake to compare the wordlist files to see if they match the actual keys, if the password does not exist in the wordlist then the attacker will not be able to get the password. We also downloaded a tool called fluxion and tested an evil-twin attack with a captive portal which we demonstrated together. 

3.) WPS: We also discussed briefly about the WPS feature if enabled then there is a high chance of obtaining the key regardless of its complexity, this can be done by exploiting a weakness in the WPS feature.WPS is used to allow users to connect to their wireless networks without entering a key this is done by pressing the WPS button on both the router and the device that they want to connect. the authentication works using an eight digit pin. Hackers can brute-force this pin in a short period of time. i talked about a tool called reaver and how to search for routers with the WPS  enabled using a tool called wash it can also be used to bypass the WPA/WPA2 encryption. The only reason why i didn't make a project on this was because newer device have put in extra security for WPS features which requires the host to press the button of the device before the eight digit pin is sent across the network. 

Conclusion:

Do not use WEP encryption as we have seen how easy it is to crack regardless of the complexity of the password and even if there is nobody connected to the network.

Use WPA2 or WPA3 with complex passwords make sure the password contains small letters,capital letters, symbols and numbers.

Ensure that the WPS feature is disabled as it can be used to crack your complex WPA2 key by brute-forcing the easy WPS pin.

That's all for now let me know if you enjoyed this and i have something exciting coming up next  bye for now.